Threat Hunting > [T2]: Enroll Elastic Agent via Fleet in Kibana
In this lesson, we will learn how to install the Elastic Agent on an endpoint and enroll it in the Fleet.
Access the Fleet via Kibana
Elastic uses a feature called Fleet to manage agents and the enrollment process. We will use Kibana to access the Fleet. Follow these steps:
- Access Kibana at
https://127.0.0.1:5601. - In the left-hand menu, click on the "Fleet" tab.
Update Fleet Settings and Create Agent Policy
- Click on the "Settings" tab and update the Fleet settings as needed.
- Edit the Host URL to be http://127.0.0.1:8220
- Wait for the Fleet Server to turn green (indicating a healthy status).
- Go back to the "Agents" tab and click on the "Create agent policy" button.
- Provide a name and description for the policy and click "Create agent policy."
Add Integrations to the Policy
- Click on the "Add integration" button within the agent policy.
- Select the "Endpoint Security" integration and click "Add Endpoint Security."
- Configure the integration as needed and click "Save integration."
Install and Enroll the Elastic Agent
- Go back to the "Agents" tab and click on the "Add agent" button.
- Follow the on-screen instructions to download and install the Elastic Agent on your endpoint.
- Copy the enrollment command displayed in Kibana's UI and paste it into your endpoint's terminal.
- Add the
--insecureflag to the enrollment command before running it. This flag is necessary when using self-signed certificates.
Once the Elastic Agent is installed and enrolled, it will start sending data to your Elastic Stack. You can then use Kibana to analyze the collected data and create visualizations, dashboards, and detection rules.
In the next lessons, we will dive deeper into Kibana concepts, dashboards, data visualization, and writing detection use cases.